Compliance and fraud teams are never done with Customer Due Diligence. Customer behavior changes and risk profiles evolve as new threats and regulations emerge.
Ongoing Customer Due Diligence (OCDD) procedures are compliance obligations to monitor accounts and the risks they pose for money laundering and other financial crimes.
Taking a perpetual approach to Know Your Customer (KYC) involves systematically reviewing accounts, transactions and risks. It’s not a check-the-box exercise, but rather an ongoing approach that embraces holistic data and deep analysis to protect the organization and re-engage customers.
Understanding account status, even in real time, is a powerful organizational tool. Insight into emerging risks can trigger immediate reviews and actions to prevent deeper problems.
Ongoing customer relationship monitoring
Certain regions often require regulated entities perform ongoing monitoring. That due diligence, according to the Federal Financial Institutions Examination Council, is crucial.
“Performing an appropriate level of ongoing due diligence that is commensurate with the customer’s risk profile is especially critical in understanding the customer’s transactions in order to assist the bank in determining when transactions are potentially suspicious,” according the council.
Ongoing due diligence requires tracking various activities and data sources, such as risk thresholds, suspicious activity, status changes, changes to account information, watchlists, market trends and trade data.
Systems that identify substantial spikes or deviations in activity can trigger alerts for staff investigations.
It’s one thing to identify a threshold for investigation, but it’s quite another to detect a pattern that sophisticated fraudsters use to stay off the radar. More dynamic risk-scoring can monitor numerous account variables. Machine learning and fraud analytics that monitor large transaction volumes can help organizations uncover patterns that point to questionable activities.
Evaluating risks and taking preventive actions
Detecting patterns isn’t the same as taking action. Those countermeasures are often the deciding factor in compliance determinations.
For example, the FinCEN Files reported in 2020 that many global banks had evidence of money laundering yet continued to transact with those accounts. They filed suspicious activity reports but didn’t take further action.
The Financial Action Task Force, in its Risk-Based Approach Guidance for the Banking Sector, states senior management should, “Promote compliance as a core value of the bank by sending a clear message that the bank will not enter into, or maintain, business relationships that are associated with excessive money laundering/terrorist financing risks which cannot be mitigated effectively.”
The resulting publicity didn’t reflect well on the offending banks or on regulators. Since the release of the FinCEN Files, there have been billions of dollars in fines.
The U.S. now has new AML laws, and further regulations and more demanding requirements are gathering momentum. In that context, creating systematic procedures to follow through on any red flags is crucial for OCDD.
If, for instance, an account needs extra checks through KYC remediation and the risk profile has fundamentally changed, Enhanced Due Diligence, or even account termination, might be required. The key is to have set processes that speed up responses to various scenarios.
It’s vital to consider the customer experience during OCDD actions. There are numerous valid reasons for account changes, and monitoring tools can create false positives. Fortunately, many checks don’t need client interaction.
In any case, due diligence offers a way to understand the customer that much better.
Perpetual KYC as a core value
For forward-looking organizations, compliance is a competitive advantage. Effective ongoing due diligence reduces risk and increases knowledge of customers. Establishing procedures that promote constant vigilance and respect for regulatory obligations helps create a transparent organization with good governance.
The implementation of perpetual KYC frees the organization from constantly checking batches of accounts to meet minimum standards. Account data is updated at an appropriate schedule to ensure accuracy. The updates are based on risk considerations, so the information better reflects the overall risk situation.
Perpetual KYC enables efficiencies in operations because work is spread out over time and most checks are automated. Checks that raise flags for further analysis produce less burden on staff members because the work doesn’t come in all at once. It also improves the customer experience because reviews focus on specific information rather than the entire account.
Companies that embrace the tenets of OCDD demonstrate the values that entice customers and investors and earn the respect of regulators. The tools, frameworks and strategies that drive OCDD are the same that create a scalable, adaptable and robust organization.